.
gnu tar munged gzip into tar to create a hybrid.
gunzip -c filename.tar.gz | tar xvf -
or
gunzip filename.tar.gz
tar xvf filename.tar
works just great on Solaris and any other Unix platform.
--
john r pierceN 37, W 123
santa cruz ca
On 05/24/11 3:26 PM, Eric S. Eberhard wrote:
If you tried to open it in Winzip (which can open tar files and tar.gz
files) you can see if it is the Solaris or the file.
To have Winzip do the tar.gz rename it to simply .tgz ...
You could always transfer it from your PC if you do it this way --
/library/aa380123%28v=VS.85%29.aspx
--
john r pierceN 37, W 123
santa cruz ca mid-left coast
__
OpenSSL Project http://www.openssl.org
User Support
On 05/10/11 11:03 PM, Mohan Radhakrishnan wrote:
Hi,
I have checked my keystore and truststore and the intermediate
certificate alone is going to expire.
as I understand it (vaguely at best), if the intermediate certfiicate
expires, that invalidates any certificates it generated, so you
Don't you know how much data you've read that you're about to decrypt?
in your code template, you showed the sendign routine doing...
nread = recv(sock, buffer, 25, 0);
isn't the recieving routine doing somethign similar? well, nread would
be the length you need, no?
On 04/27/11 12:39 PM, derleader mail wrote:
Hi,
I need to compile OpenSSL only with support for Symmetric
encryption - only 3DES support. How I can remove all unneeded stuff?
Can you give an advice what to remove and how to remove it?
I suppose one approach would be to run a test suite
On 04/26/11 3:06 AM, Matthew Fletcher wrote:
I've come to this list in search of help with slow https conenctions (via the
subversion, apache and finally mod_ssl lits).
There is a 15 second ish delay whenever a client connects using https,
15 seconds sounds to *me* like a DNS related
On 04/13/11 10:16 AM, luis hernandez wrote:
Hi
I do not know if you have talk about this here, but I can not find the
answer.
How to translate a command line commandt to a c++ code?
For instance if at commandd prompt i do this: openssl x509 -inform DER
-in cert.cer -noout -enddate
What
On 04/13/11 4:11 PM, luis hernandez wrote:
take a look at the source to openssl (the executable utility). I
believe its in C and it, obviously, can do every possible command line
that it does.
One month doing it that way but there is not other way.
its that or spend month(s) learning
On 03/23/11 11:23 AM, Greaves, Ed (GE Healthcare) wrote:
Any plans for the OpenSSL FIPS module to support Windows CE?
What is the issue preventing this?
which of the multitudes of Windows CE versions and variants would this
support? on what platform(s) would it be certified as FIPS
On 03/23/11 11:56 AM, Greaves, Ed (GE Healthcare) wrote:
Windows CE 6.0 and 7.0 for ARM.
7 was released this month, right? I'd imagine there will be a
development effort spend on it when someone takes it on for their own
requirements.
but I thought Windows-centric stuff generally used
On 02/27/11 12:03 AM, pattabi raman wrote:
Hi,
I need to install open ssl in our solaris-10 machine.
Currently Solaris has GCC Compiler 2.95.
As I checked from the site, mentioned that Openssl needs GCC compiler
3.3.
So Open ssl will work only with gcc 3.3 ? Gcc upgrade is necessary ?
Will
On 02/27/11 9:13 AM, Sander Temme wrote:
On Feb 27, 2011, at 2:02 AM, John R Pierce wrote:
but, my Sol10 systems appear to already have an openssl in
/usr/sfw/bin (and libraries in /usr/sfw/lib, etc) which is maintained
by Oracle
Last time I was on a Solaris box, that one seemed
On 02/25/11 4:28 PM, David Schwartz wrote:
On 2/25/2011 11:59 AM, Michael S. Zick wrote:
On Fri February 25 2011, Ricardo Custodio wrote:
Veja www.icp.edu.br
Interesting, I get a server certificate fails authentication
from the above address.
You haven't chosen to trust the CA that issued
On 02/20/11 6:42 PM, Bharani Dharan wrote:
Hi,
I want to find following details but getting error. Errors are
highlighted in RED. Kindly advise.
# echo | openssl s_client -connect server:25 -starttls smtp
certificate
gethostbyname failure
connect:errno=0
# echo | openssl s_client
On 02/14/11 9:49 AM, Aro RANAIVONDRAMBOLA wrote:
Hello,
I am lookking for an outline API documentation about ssl ( in pdf
format for example ). I did not find it on the website.
have someone got it ?
other than the MAN pages, about the only decent doc is the Sea Lion
book from O'Reilly,
On 01/31/11 10:55 AM, Harshvir Sidhu wrote:
Hi,
Can we use OpenSSL lib with Managed C++? Thanks.
can you call native C style DLL's from this 'Managed C++' (whatever
that is) ? my initial google of 'Managed C++' indicates its a
Microsoft .NET thing that was deprecated circa 2005.
this story is going around the net like hotcakes.
http://marc.info/?l=openbsd-techm=129236621626462w=2
http://marc.info/?l=openbsd-techm=129236621626462w=2
i have no idea how much 'truth' is in there... but didn't openssl get
its start with that same openbsd crypto code?
is any of this
On 10/25/10 5:47 PM, Kishore Atreya wrote:
Hi all
I'm new to OpenSSL and was wondering if the 64 bit package was
backwards compatible with the 32 bit package. Also is there a
significant difference in the API between the 64 and 32 bit package.
its exactly the same code, just compiled for
On 09/22/10 11:57 AM, Chris Rider wrote:
We have a client/server architecture based product that needs to allow
SSL communication between our server (CentOS) and various clients' web
browsers (and additionally, other devices, but that's beyond the scope
of this post).
We've been able to get
I'm trying to process a CRQ that came from a hardware appliance, and its
apparently missing its country code.
$ openssl ca -out tomcat-cert.pem -days 3650 -config ./openssl.cnf
-infiles tomcat_crq.pem
Using configuration from ./openssl.cnf
11516:error:0E06D06C:configuration file
Jon Strait wrote:
Please bear with me as I am in the midst of my crash-course in Linux
upgrade management.
in general, you do NOT want to be using source tarballs to
replace/upgrade components of a package-managed distribution. SuSE
Enterprise Linux 10 has their own upgrade management
芦翔 wrote:
Dear all,
I am trying to add the security flavor to an application. To achieve
this objective, I wrote the codes to establish a security tunnel
between the server and the client with VC2008. When I build the whole
project, there are tens of similar errors. All of them are as
Peter Gubis wrote:
On 13. 3. 2010 0:37, John R Pierce wrote:
our security auditors yanked the token out, and the client continues
to work, ..
you'll probably need to listen for token removal event and destroy this
ssl session after that.
It is working for us in this way. Session should
Dr. Stephen Henson wrote:
On Wed, Mar 17, 2010, Cesar Henrique Keiti Kuroiwa wrote:
Hello
We are trying to use the PKCS11 engine for OpenSSL to interface with a
smart card reader Gemplus GemPC Twin 00 00. We are having some
trouble when trying to retrieve the private from a
Cesar Henrique Keiti Kuroiwa wrote:
Now we seem to be facing a new issue that comes up when a wrong PIN is
entered and then the card is removed from the reader. After that, we
can no longer do anything with the card after it is re-inserted. Not
even by cleaning and reloading all the
we have a client-server application pair (ok, the server side is
tomcat), the client is using an Aladdin eToken w/ openssl and
engine_pkcs11 and aladdin's driver. thats all fine and working now.
the client application has long running persistence, eg, once its
running, it stays up for
Mark H. Wood wrote:
Notice a few things:
o The OP asked about reducing CPU load, but the answers all talk
about making encryption faster. These are not the same thing.
Offloading encryption might *reduce* throughput of the encrypted
streams, and yet free up CPU time to do other
. wrote:
So we guess the main question is, if we design an AES cryptocore(FPGA)
how do we ensure that the cpu utilization will drop? This is more
important than getting a higher throughput
the hardest part will be getting data in and out of your engine faster
than the CPU can just process it
Ahmad Raif Mohamed Noor Beg wrote:
If we are talking about a PC which uses x86 hardware (Intel, AMD etc), yes with
the Gigahertz speed, using software will be faster than using hw accelerator,
in this case FPGA but the original question was I believe usage in an embedded
environment and using
Luis Daniel Lucio Quiroz wrote:
We are planning to buy this hardware
http://www.broadcom.com/products/BCM800
It claims to run under linux, how ever after linux loads its module. I wonder
to know if openssl will take advantege of it?
thats a 6 year old product, hung on the old/slow PCI
xabi esteban wrote:
A lot of thanks but I'm vey confused and my english is not good. I
compile with ggc -o and you said that this is not enought, i need
linket too?
Put you put an example linking the libreres with gcc or example for a
makefile? Thanks
at a minimum, try adding -lssl -lcrypto
xabi esteban wrote:
I don't understand you. I put the libreries in the includes #include
openssl/ssl.h #include
but i'din't put nothing more.
How i could link with this libreries? I didn't found any example.
you're confusing include files with libraries. you need to tell the
linker
xabi esteban wrote:
I am using in a shell in Ubuntu Linux
try adding -lssl to your link options.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Shaun Crampton wrote:
Sorry, the client will only trust a server cert that is signed by the manufacturers root cert. The server's cert must be issued by the manufacturer's CA.
so they actually issue you your server certificate, but they generate
this with a private RootCA thats not
Shaun Crampton wrote:
Hi,
I have a server that needs to serve content to two groups of clients
over HTTPS. One group of clients are standard web browsers, with the
normal group of trusted roots. The other group are embedded devices
that only support certificates signed by the
Using engine_pkcs11 with openssl and a hardware token like the
Aladdin eToken (using Aladdin's pkcs11 driver), I want to make sure I'm
describing the data flow correctly. In my scenario, the etoken contains
a client certificate. The SSL connection is being opened by a m2crypto
client.
My
Ashok Kumar wrote:
Occasionally someone suggests using a command such as:
openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
DO NOT DO THIS! This command will give away your CAs private key and
reduces its security to zero: allowing anyone to forge certificates in
whatever
Ashok Kumar wrote:
I understand it as any browser like firefox, IE etc do NOT need any
private key but CA certificates to communicate over SSL with any
server application, so we dont need to install the key at all. But if
we have to import server certs key into applications like app
server,
Ujwal Chinthala wrote:
Hmm, that could be a problem.
This code is going to run on a box which is shipped to the customer.
So I don't believe we want to ship these boxes with private keys in them :)
any PKI fully secured session requires each host to have its own private
key, and the other
Namrata Sorte wrote:
Hi,
Actually I want to Sign Word Document (.doc) file using RSA (both
encryption-decryption signing-verifying) algorithm. So could you
please tell me what modification will be required to make in existing
algorithm to support signing word document.
openssl is designed
Josselin Jacquard wrote:
Thanks for your response.
Let's say A wants to contact B with SSL.
A send a ssl request to B, but C instead of B answers, because C and B
have the same address (maybe there are behind the same NAT).
C was expecting a call from A, so he accepts the connection.
What I'm
Abbass Marouni wrote:
I have a project, in which I am asked to implement an online
Certificate Authority.
we will be using website hosted in a free server.(Geocities,...).
wasn't geocities shut down finally, after stagnating for the last decade?
anyways, AFAIK, it never let you use any sort
Kyle Hamilton wrote:
I truly, truly wish that people would stop thinking themselves into
the crypto box.
A CA needs to be only as secure as the things that its certificates
secure. In this case, if they're trying to create user authentication
certificates for their customers so that they can
Hall, Leam wrote:
First post, seeking help on the topic that will consume me for the
next two weeks...
We have to remove vendor supplied openssl.0.9.7.a and install from
source 0.9.8L. Removing vendor openssl package also removes
/lib/libcrypto.so.4, and that breaks lots of things like ssh.
Dave Thompson wrote:
IME OpenSSL doesn't install into system locations like /lib by default.
You could specify --installdir and/or --prefix; or IME probably better,
install someplace like /usr/local/ssl or even
/usr/local/replace-openssl-0.9.8l
and then create links from the system locations
Nicolas Pelloux-Prayer wrote:
I'm currently working on a similar task during the development of a
TLS client (with client-side authentication), using a PKCS#11 hardware
token.
The main problem we encountered is that we cannot access the private
key stored in the token; Therefore we made an
Finally, the source code IS the only reliable source of documentation
(assuming you can trust your compiler, OS, and hardware to do the
right thing). It isn't the most CONVENIENT, which is why we desire
other forms.
the implementation details of the 250-odd API entry points in libssl.so
Rene Hollan wrote:
Oh, you need to dig deeper, to understand the semantics and not just
the syntax of those APIs.
I didn't say using the source as documentation was convenient, but it
is possible, to any degree of detail you want.
To wit: given the source code, it is possible to create
Rene Hollan wrote:
Crypto is hard... mostly because X509 is a dog's breakfast of committee
compromisitis.
That said, openssl docs should AT LEAST address one who is familiar with X509.
openssl docs should go way beyond that, and include tutorials of the
'right way' to do a wide range of
The Doctor wrote:
What gives?
no http://www.opensl.org .
No ftp://ftp.openssl.org/ ?
they work here for me, except the first one is http://www.openssl.org/
and not http://www.opensl.org/ as you pasted. http://www.openssl.org/
Ivan Ristic wrote:
By the way, it's a bit ironic that the SSL certificate is not valid
when accessed through openssl.org (without the www prefix):
https://www.ssllabs.com/ssldb/analyze.html?d=www.openssl.org
I like the comment there. Confusing.
yes... openssl is confusing.
:D
Mansour Dagher wrote:
Hi all,
if certificates and associated keys are stored on HW (Sun crypto card for
example), is there a way in openssl to specify the card as the location of
these certificates/kets?
It appears from the methods below, the openSSL only takes filesystem directory
paths
Kirk81 wrote:
Does a individual hackers have the NASA's PC?
assume they can have clusters of 100s/1000s of computers at their
bidding (aka 'botnets' of trojan-infected PC's scattered around the world.)
__
OpenSSL Project
Akira Amore wrote:
Hi,
I'm trying to build rdesktop on a Fedora Core 8 system using
Tuxbuilder-1.0, targetted for a MIPS embedded system.
The rdesktop build throws the following error:
/usr/include/openssl/opensslconf.h:27:2: error: #error This
openssl-devel package does not work your
Matthias Güntert wrote:
hello guys
is anyone working on a replacement for the text based ca database? It
seems the database functions are defined in apps/ca.c and apps/apps.h,
at least for version 0.9.8k. wouldn't it be nice if we had something to
store the data in a relational db?
why?
Bruce Stephens wrote:
OpenSSL works fine on 32 bit SPARC. (As far as I'm aware, anyway. I
don't recall seeing any problems.)
its bundled with Solaris 10 as both 32bit and 64bit sparc binaries
Also works on IBM Power architecture with AIX, this is also a 'big
endian' 32/64bit
Max Terentiev wrote:
How to build OpenSSL DLLs using Borland C++ Builder 6 ?
I can successfuly compile and get libeay32.lib/ssleay32.lib files,
but can't understand how to get .dlls ? I was read INSTALL.W32
many times :-)
I can't help with BC specific stuff, but... DLL's are created by a
I had asked this on the opensc-users list, but realized its more of an
openssl question.
using the wclient2.c sample program [1] from this article [2] as a
starting place
http://www.linuxjournal.com/article/5487
http://www.rtfm.com/openssl-examples/openssl-examples-20020110.tar.gz
I want to
I'm trying to understand how to use a pkcs#11 token/smartcard in
conjunction with openssl to authenticate an SSL client session. I'm
trying to find anything online showing how to stitch all this together
and just spinning around in circles, getting more confused.
The reference
I'm trying to figure out how to use an Aladdin eToken Pro 72k to
authenticate an SSL session initated by a Python 2.4.3 client
application running on a CentOS 4 system.
the python software is a client making XMLRPC calls over https to a
tomcat webservice.We need to add token based
61 matches
Mail list logo